summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2006-04-27 16:09:17 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:05:04 -0500
commit710ea949886dd57c66dc6d397e0ea41c89736107 (patch)
treef234adf0c7879144ef68044291753e43e028061d /source4/dsdb/samdb
parent70d10653ad3dcc4c12c83d4ca14752d0a0c89fe8 (diff)
downloadsamba-710ea949886dd57c66dc6d397e0ea41c89736107.tar.gz
samba-710ea949886dd57c66dc6d397e0ea41c89736107.tar.bz2
samba-710ea949886dd57c66dc6d397e0ea41c89736107.zip
r15297: Move create_security_token() to samdb as it requires SAMDB (and the rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/config.mk10
-rw-r--r--source4/dsdb/samdb/samdb.c76
2 files changed, 80 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk
index 207fdf8201..20f6e182e5 100644
--- a/source4/dsdb/samdb/ldb_modules/config.mk
+++ b/source4/dsdb/samdb/ldb_modules/config.mk
@@ -17,7 +17,6 @@ SUBSYSTEM = ldb
INIT_FUNCTION = samldb_module_init
OBJ_FILES = \
samldb.o
-PUBLIC_DEPENDENCIES = SAMDB
#
# End MODULE ldb_samldb
################################################
@@ -62,10 +61,9 @@ OBJ_FILES = \
[MODULE::ldb_password_hash]
SUBSYSTEM = ldb
INIT_FUNCTION = password_hash_module_init
-OBJ_FILES = \
- password_hash.o
-PUBLIC_DEPENDENCIES = \
- HEIMDAL_HDB HEIMDAL_KRB5
+OBJ_FILES = password_hash.o
+PUBLIC_DEPENDENCIES = HEIMDAL_KRB5
+PRIVATE_DEPENDENCIES = HEIMDAL_HDB_KEYS
#
# End MODULE ldb_rootdse
################################################
@@ -78,7 +76,7 @@ INIT_FUNCTION = ldb_kludge_acl_init
OBJ_FILES = \
kludge_acl.o
PUBLIC_DEPENDENCIES = \
- LIB_SECURITY
+ LIBSECURITY
#
# End MODULE ldb_rootdse
################################################
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index bd133c8745..5dbfd4ee87 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -1353,3 +1353,79 @@ _PUBLIC_ NTSTATUS samdb_set_password_sid(struct ldb_context *ctx, TALLOC_CTX *me
}
return NT_STATUS_OK;
}
+
+/****************************************************************************
+ Create the SID list for this user.
+****************************************************************************/
+NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
+ struct dom_sid *user_sid,
+ struct dom_sid *group_sid,
+ int n_groupSIDs,
+ struct dom_sid **groupSIDs,
+ BOOL is_authenticated,
+ struct security_token **token)
+{
+ struct security_token *ptoken;
+ int i;
+ NTSTATUS status;
+
+ ptoken = security_token_initialise(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(ptoken);
+
+ ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 5);
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
+
+ ptoken->user_sid = talloc_reference(ptoken, user_sid);
+ ptoken->group_sid = talloc_reference(ptoken, group_sid);
+ ptoken->privilege_mask = 0;
+
+ ptoken->sids[0] = ptoken->user_sid;
+ ptoken->sids[1] = ptoken->group_sid;
+
+ /*
+ * Finally add the "standard" SIDs.
+ * The only difference between guest and "anonymous"
+ * is the addition of Authenticated_Users.
+ */
+ ptoken->sids[2] = dom_sid_parse_talloc(ptoken->sids, SID_WORLD);
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[2]);
+ ptoken->sids[3] = dom_sid_parse_talloc(ptoken->sids, SID_NT_NETWORK);
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[3]);
+ ptoken->num_sids = 4;
+
+ if (is_authenticated) {
+ ptoken->sids[4] = dom_sid_parse_talloc(ptoken->sids, SID_NT_AUTHENTICATED_USERS);
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4]);
+ ptoken->num_sids++;
+ }
+
+ for (i = 0; i < n_groupSIDs; i++) {
+ size_t check_sid_idx;
+ for (check_sid_idx = 1;
+ check_sid_idx < ptoken->num_sids;
+ check_sid_idx++) {
+ if (dom_sid_equal(ptoken->sids[check_sid_idx], groupSIDs[i])) {
+ break;
+ }
+ }
+
+ if (check_sid_idx == ptoken->num_sids) {
+ ptoken->sids[ptoken->num_sids++] = talloc_reference(ptoken->sids, groupSIDs[i]);
+ }
+ }
+
+ /* setup the privilege mask for this token */
+ status = samdb_privilege_setup(ptoken);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(ptoken);
+ return status;
+ }
+
+ security_token_debug(10, ptoken);
+
+ *token = ptoken;
+
+ return NT_STATUS_OK;
+}
+
+